Updating the Logging agent IAM APIKey by using a Helm chart
You can use Helm to update the Logging agent IAM APIKey that is deployed in the cluster. Updating the IAM APIKey might be required if you need to rotate the IAM APIKey or update the IAM APIKey for other reasons.
Complete the following steps to update the agent version that is deployed in the cluster:
Before you begin
Before you begin, complete the prerequisite tasks.
-
Install the following CLIs:
-
The IBM Cloud CLI to log in to the IBM Cloud and manage IBM Cloud services such as creating an API key. For more information, see Getting started with the IBM Cloud CLI.
-
The Kubernetes CLI to manage Kubernetes clusters by using
kubectl
commands. -
The Openshift CLI to manage OpenShift clusters from the command line.
-
-
Read about the Logging agent.
-
Generate an API Key for service ID authentication. For more information, see Generating an API Key for ingestion.
Update the agent with a new API key
If the secret has been created manually or if you are using iamMode=TrustedProfile
then do not refer to this document for updating the IAM APIKey.
Complete the following steps to update the agent with new APIKey:
-
Log in to the cluster. For more information, see Access your cluster.
-
Log in to the Helm registry. Choose one of the following options:
Option 1: Login to the Helm registry by running the
helm registry login
command:helm registry login -u iambearer -p $(ibmcloud iam oauth-tokens --output json | jq -r .iam_token | cut -d " " -f2) icr.io
Windows Windows PowerShell users should use this command instead:
helm registry login -u iambearer -p ((ibmcloud iam oauth-tokens --output json | ConvertFrom-Json).iam_token -replace 'Bearer ', '') icr.io
For more information, see Using Helm charts in Container Registry: Pulling charts from another registry or Helm repository
Option 2: Log in to the Helm registry in Container Registry by running the
ibmcloud cr login
command.You can use the
[ibmcloud cr login](/docs/Registry?topic=Registry-containerregcli#bx_cr_login)
command before you perform a Helm dry run or install. For more information, see Accessing Container Registry.Run the following commands:
ibmcloud cr region-set global
ibmcloud cr login [--client CLIENT]
-
Update the agent.
helm upgrade <install-name> oci://icr.io/ibm-observe/logs-agent-helm --version <chart-version> --values <PATH>/logs-values.yaml -n ibm-observe --create-namespace --set secret.iamAPIKey=<APIKey-value>
where:
<install-name>
is the name of the Helm installation (logging-agent
)<chart-version>
is the version of the helm chart. The Helm chart version should match the agent image version. For more information, see Helm chart versions.<PATH>
is the directory path where thelogs-values.yaml
file is located.<APIKey-value>
is the new IAM APIKey associated with the ServiceID.
For example, you can run the following command from the directory where the
logs-values.yaml
file is available:helm upgrade logging-agent oci://icr.io/ibm-observe/logs-agent-helm --version 1.5.0 --values ./logs-values.yaml -n ibm-observe --set secret.iamAPIKey=<secret>
To see installed agent name and chart version you can run
helm list -n NAMESPACE
. -
Restart the agent pods.
For Kubernetes clusters, run:
kubectl -n ibm-observe rollout restart ds/logs-agent
For OpenShift clusters, run:
oc -n ibm-observe rollout restart ds/logs-agent
Verify that logs are being delivered to your target destination
Complete the following steps:
-
When your agent is correctly configured, you can see logs through the default dashboard view. The Logging agent tags log records with a kubernetes object that includes the cluster name.
kubernetes.cluster_name:<CLUSTER_NAME>
You can run the query
kubernetes.cluster_name:<YOUR_CLUSTER_NAME>
in your IBM Cloud Logs instance to search for logs that are generated by your cluster.